For "The project provides a well-documented, secure and private channel to
report security issues, along with a documented way of responding to them."
the standard that I've seen used is to tell people to e-mail private@ when
they think they might have a security-related issue. I think that would
probably work well for YuniKorn too.


On Mon, Jan 10, 2022 at 7:04 AM Chenya Zhang <chenyazhangche...@gmail.com>
wrote:

> Hi Weiwei,
>
> Thanks for driving this! The evaluation is quite comprehensive overall. I
> checked our Apache project maturity guidelines and noticed the below three
> items. Not sure if we already have them but they are not blockers to our
> graduation. We could think more about them along the way.
>
> QU30
>
> The project provides a well-documented, secure and private channel to
> report security issues, along with a documented way of responding to them.
>
> QU40
>
> The project puts a high priority on backwards compatibility and aims to
> document any incompatible changes and provide tools and documentation to
> help users transition to new features.
>
> CO50
>
> The project documents how contributors can earn more rights such as commit
> access or decision power, and applies these principles consistently.
>
>
> Thanks,
>
> Chenya
>
>
>
> On Mon, Jan 10, 2022 at 12:00 AM Weiwei Yang <w...@apache.org> wrote:
>
>> Hi YuniKorn community and mentors
>>
>> Based on the discussion thread [1], after 2 years' time of incubating, it
>> is considered that now is a good time to graduate YuniKorn from the ASF
>> incubator and become a top-level Apache project. We have reviewed the ASF
>> project maturity model [2] and provided some assessment of the project's
>> maturity based on the guidelines. Details are included as the following.
>> Please read this and share your thoughts by replying to this email, your
>> feedback will be much appreciated!!!
>>
>> *Code, License, and Copyright*
>>
>> All code is maintained on GitHub, under Apache 2.0 license. We have
>> reviewed all the dependencies and ensured they do not bring any license
>> issues. All the status files, license headers, and copyright are up to
>> date.
>>
>> *Release*
>>
>> The community has released 5 releases in the past 2 years, i.e., v0.8, v0.9,
>> v0.10, v0.11, and v0.12. These releases were done by 5 different release
>> managers [3] and indicate the community can create releases independently.
>> We also have a well-documented release process and automated tools to help
>> new release managers with the process.
>>
>> *Quality*
>>
>> The community has developed a comprehensive CI/CD pipeline as a guard of
>> the code quality. The pipeline runs per-commit license check, code-format
>> check, code-coverage check, UT, and end-to-end tests. All these are built
>> as automated GitHub Actions; new contributors can easily trigger and view
>> results when submitting patches.
>>
>> *Community*
>>
>> The community has developed an easy-to-read homepage for the project [4],
>> the website hosts all the materials related to the project including
>> versioned documentation, user docs, developer docs, design docs,
>> performance docs. It provides the top-level navigation to the software
>> download page, with links to all our previous releases. It also has the
>> pages for the new contributors on-boarding with the project, such as how
>> to join community meetings, events links, etc.
>>
>> The community shows appreciation to all contributors and welcomes all
>> kinds of contributions (not just for code). We have built an open, diverse
>> community and gathered many people to work together. With that, we have 41
>> unique code contributors and some non-code contributors as well. Many of
>> them have become committers and PPMC members while working with the
>> community. There were 2 new mentors, 8 new committers, 2 new PPMC from 6
>> different organizations [5] added in the incubating phase. And in total,
>> the project has 6 mentors, 21 PPMC, and 27 committers from at least 14
>> different organizations. Community collaboration was done in a
>> wide-public, open manner, we leverage regular bi-weekly/weekly community
>> meetings for 2 different timezones [6] and dev/user Slack channels, mailing
>> lists for offline discussions.
>>
>> *Independence*
>>
>> The project was initially donated by Cloudera, but with a diverse open
>> source community, it has been operated as an independent project since it
>> entered into ASF incubator. The committers and PPMC members are a group of
>> passionate people from at least 14 different organizations, such as
>> Alibaba, Apple, Cloudera, Databricks, LinkedIn, Microsoft, Snowflake, etc.
>> The project's success does not depend on any single entity.
>>
>> I have enough reasons to believe the project has done sustainable
>> development successfully in the Apache way. Again, please share your
>> thoughts, all YuniKorn contributors, committers, PPMC, and mentors. Thank
>> you!
>>
>> [1] https://lists.apache.org/thread/dno411y59g2pcy1d3kd7s3kdjz9jw65n
>> [2] https://community.apache.org/apache-way/apache-project-maturity-model.html
>> [3] https://yunikorn.apache.org/community/download
>> [4] https://yunikorn.apache.org/
>> [5] https://incubator.apache.org/projects/yunikorn.html
>> [6] https://docs.google.com/document/d/165gzC7uhcKc5XDWiMYSRKBiPQBy2tDtXADUPuhGlUa0
>>
>

-- 
Twitter: https://twitter.com/holdenkarau
Books (Learning Spark, High Performance Spark, etc.):
https://amzn.to/2MaRAG9  <https://amzn.to/2MaRAG9>
YouTube Live Streams: https://www.youtube.com/user/holdenkarau
